Security Policy
Company – linked-mail.com
This Security Policy outlines linked-mail.com’s security program, as well as the technical and organizational controls in place to protect customer data from unauthorized access, disclosure, or theft, and to safeguard the linked-mail.com services. linked-mail.com is committed to regularly updating its security strategies to address evolving security threats. As part of this commitment, linked-mail.com reserves the right to update this Security Policy periodically, ensuring that any modifications do not materially reduce the protections outlined herein.
Security Program
linked-mail.com maintains a robust, risk-based security assessment program. The framework of this program includes administrative, organizational, and technical safeguards designed to protect linked-mail.com services and ensure the confidentiality, integrity, and availability of customer data. The security program is designed to align with the nature of linked-mail.com services and the size and complexity of the company’s operations.
Confidentiality
All linked-mail.com employees and contract personnel are bound by contractual agreements and internal policies designed to maintain the confidentiality of customer data. These agreements and policies obligate personnel to uphold strict confidentiality requirements.
People Security
All employees at linked-mail.com are required to complete security and privacy training, which covers security policies, best practices, and privacy principles. Application passwords must be stored in a password manager, and each service must have a unique password. Two-factor authentication (2FA) is mandatory wherever available, with a preference for physical keys or 2FA applications over SMS 2FA.
Third-Party Vendor Management
- Vendor Assessment:
linked-mail.com uses third-party vendors for certain services. Prior to engagement, linked-mail.com conducts a security risk assessment to ensure vendors meet its security standards.
- Vendor Agreements:
linked-mail.com enters into written agreements with all vendors, including confidentiality, privacy, and security obligations that protect customer data processed by these vendors.
Hosting Architecture and Data Segregation
- Hosting Environment:
linked-mail.com services are hosted on a secure cloud platform with encryption in place at all times. The cloud provider does not have access to unencrypted customer data. Further details about the cloud provider’s security measures can be found [here].
- Databases:
Database access is restricted to authorized IP addresses only. Connections from outside linked-mail.com’s internal network are rejected. Pseudonymization is employed where possible, particularly for sensitive data such as email verifications. OAuth tokens and passwords are encrypted using secure algorithms.
Services
linked-mail.com employs strict access control measures for network access between production hosts, utilizing access control lists to restrict access to authorized roles only. These lists are reviewed regularly to maintain security.
Security by Design
linked-mail.com adheres to security by design principles, including internal security reviews before deploying new services or code, third-party penetration testing of new services, and regular scans to detect potential security threats and vulnerabilities.
Access Controls
- Provisioning Access:
linked-mail.com follows the principle of least privilege through a role-based access control model. Employee access to customer data is removed upon termination. Access to the production environment requires unique credentials and multi-factor authentication, and all high-risk actions are logged.
- Password Controls:
linked-mail.com enforces strong password policies, ensuring that users cannot create accounts using compromised passwords from the haveibeenpwned.com database.
Logs
linked-mail.com maintains logs of critical actions, including:
- HTTP requests logged in cloud logging services.
- Sensitive user actions stored in a secure database.
- Actions by support agents stored in a secure database.
Vulnerability Management
linked-mail.com regularly conducts vulnerability scans using third-party tools to assess and mitigate potential security risks. Critical software patches are promptly evaluated, tested, and applied.
Customer Data Backups
linked-mail.com ensures regular backups of customer data as follows:
- On-site backups, managed by the cloud provider, encrypted at rest through advanced encryption methods.
- On-site backups, managed by linked-mail.com, stored in a secure cloud storage bucket and encrypted at rest.
- Off-site backups, managed by linked-mail.com, performed weekly and encrypted with state-of-the-art algorithms.
Last updated: 30-08-2024